Ridding myself of root passwords?

Michael Torrie torriem at gmail.com
Thu Feb 6 21:07:24 MST 2014


On 02/06/2014 02:22 PM, S. Dale Morrey wrote:
> Ok I understand what you are saying.
> My point is that SELinux gets in the way of what I would consider good
> security practices.
> 
> Think about it this way.
> If you configure SELinux to be permissive, then there is effectively no
> difference between that and not having it run at all.

No, but in theory this helps you what permissions your process has to
have to run.

You're not the only one that struggles with SElinux.  It's a powerful
concept but the use of it is very hard.  Just today I was battling
selinux and lost on my recently installed Fedora desktop.  With the
nvidia drivers, X just won't load at all with selinux on enforcing *or*
permissive!  It's the weirdest thing.  Disable selinux completely and it
runs fine.  I straced X, and it just hangs on a futex.  I can't get any
useful information out of it.

Also in permssive mode, my logs are full of warnings of violations from
processes that are completely stock.  In other words, it should work
just fine, since Fedora ships with selinux enabled and enforcing, and
things presumably work.  But I have problems.  I have relabeled the
entire file system several times.  Still no go.  so I've given up for now.

However my next job is to redo my VPS's, and I will be employing selinux
for sure.  Not doing it until now is a disaster waiting to happen.


More information about the PLUG mailing list